Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/11/10 12:0 a.m.•5 views

Apple macOS Sequoia Permission Issues Vulnerability

Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia suffers from a privilege issue vulnerability that can be exploited by an attacker to cause a malicious app to gain root privileges...

7.8CVSS6.4AI score0.00156EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•5 views

Apple iOS and iPadOS Improvements for Underchecked Vulnerabilities

Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS contain an Improvement Check Insufficiency vulnerability that can be exploited by attackers to cause an application to monitor keystrokes without th...

5.4CVSS6.3AI score0.00215EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•3 views

Dell CloudLink Command Injection Vulnerability

Dell CloudLink is a data encryption and key management system from Dell USA. A command injection vulnerability exists in Dell CloudLink, which can be exploited by an attacker to execute arbitrary commands on the system...

6.7CVSS8.2AI score0.00384EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•7 views

MantisBT Authorization Issue Vulnerability (CNVD-2025-28527)

MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. An authorization issue vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from insufficient...

5.3CVSS6.9AI score0.00241EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•34 views

Dell CloudLink Command Execution Vulnerability (CNVD-2025-28523)

Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which can be exploited by an attacker to gain shell access to the system...

8.4CVSS7.3AI score0.00746EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•5 views

Apple iOS and iPadOS Cache Mishandling Vulnerability

Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. A cache mishandling vulnerability exists in Apple iOS and iPadOS, which can be exploited by attackers to cause malicious applications to track users...

7.5CVSS6.3AI score0.00411EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•7 views

Apple macOS Sequoia Code Signature Limit Insufficiency Vulnerability

Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia suffers from an insufficient code signature restriction vulnerability that can be exploited by an attacker to access sensitive user data...

5.5CVSS6.8AI score0.00129EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•4 views

CanalDenuncia App Information Disclosure Vulnerability (CNVD-2025-30335)

CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. An information disclosure vulnerability exists in CanalDenuncia App due to incorrect authorization validation of parameters iddenuncia and iduser in /backend/api/buscarTestigoByIdDenunciaUsuario.php. An attacker could...

8.7CVSS6.2AI score0.0027EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•5 views

Apple macOS Sequoia Privilege Restriction Insufficiency Vulnerability

Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia suffers from an insufficient privilege restriction vulnerability that can be exploited by an attacker to cause the disclosure of sensitive user data...

5.5CVSS6.1AI score0.00196EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/07 12:0 a.m.•2 views

File upload vulnerability in the multimedia integrated service display system of Beijing Shenzhou Vision Han Technology Co., Ltd. (CNVD-C-2025-823176)

Ltd. is a deep-rooted enterprise in the field of visualization. A file upload vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to write arbitrary files...

6AI score
Exploits0
CNVD
CNVD
•added 2025/11/07 12:0 a.m.•2 views

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-822965)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
CNVD
CNVD
•added 2025/11/06 12:0 a.m.•3 views

UFIDA U8 Cloud suffers from SQL injection vulnerabilities (CNVD-C-2025-796292)

U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...

5.9AI score
Exploits0
CNVD
CNVD
•added 2025/11/06 12:0 a.m.•5 views

SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co., Ltd (CNVD-C-2025-797319)

T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...

5.9AI score
Exploits0
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

Tenda AC23 saveParentControlInfo File Buffer Overflow Vulnerability

Tenda AC23 is a home dual-band wireless router launched by Tenda, focusing on large home coverage and high-speed transmission, supporting 802.11acWave2 technology, dual-band concurrent rate up to 2033Mbps. Tenda AC23 has a buffer overflow vulnerability, the vulnerability stems from the parameter...

9.8CVSS8.4AI score0.01141EPSS
Exploits2References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•2 views

Simple Online Hotel Reservation System add_account.php File SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file...

7.2CVSS8.2AI score0.00411EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•13 views

Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29072)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from an insufficient password...

9.8CVSS6.9AI score0.00312EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

Tenda AC8 DatabaseIniSet File Buffer Overflow Vulnerability

Tenda AC8 is a dual-band Gigabit wireless router from Tenda designed for home and small office environments. The Tenda AC8 suffers from a buffer overflow vulnerability that originates from manipulating the Time parameter in the /goform/DatabaseIniSet file without properly validating the input...

9.8CVSS8.3AI score0.05032EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

Unspecified Vulnerabilities in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29075)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a firmware version mismatch. ...

5.3CVSS6.8AI score0.00189EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•4 views

WordPress kallyas plugin cross-site scripting vulnerability

WordPress kallyas plugin is a website builder designed for WordPress that offers theme and plugin functionality. WordPress kallyas plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can b...

6.4CVSS6.1AI score0.00176EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

WordPress kallyas plugin code execution vulnerability

WordPress kallyas plugin is a website builder designed for WordPress that offers theme and plugin functionality. A code execution vulnerability exists in WordPress kallyas plugin, which stems from unrestricted non-administrator access to the code editor widget, and can be exploited by an attacker...

8.8CVSS8.5AI score0.00533EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•4 views

Apache Airflow Security Bypass Vulnerability (CNVD-2025-30838)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. A security bypass vulnerability exists in Apache Airflow, which is...

4.6CVSS7AI score0.00396EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•4 views

Revive Adserver admin-search.php file cross-site scripting vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

6.3CVSS6.3AI score0.01374EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•8 views

Revive Adserver SQL Injection Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...

8.8CVSS8AI score0.00931EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•7 views

TOTOLINK LR350 http_host parameter stack buffer overflow vulnerability

TOTOLINK LR350 is a 4GLTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the httphost parameter in the...

7.5CVSS7.2AI score0.00376EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•9 views

WordPress Document Library Lite plugin improper authorization vulnerability

WordPress Document Library Lite plugin is a WordPress plugin for creating document libraries and download management features with support for multiple file types and responsive layouts. The WordPress Document Library Lite plugin suffers from an improper authorization vulnerability that stems fro...

5.3CVSS6.8AI score0.0028EPSS
Exploits2References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•14 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities (CNVD-2025-29078)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a lack of authentication. An...

10CVSS6.5AI score0.00312EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

News Portal settings.py File Information Disclosure Vulnerability

News Portal is a news portal. News Portal suffers from an information disclosure vulnerability that originates from an unknown function in the /onps/settings.py file that fails to properly handle sensitive data. The vulnerability can be exploited to insert sensitive information into debugging cod...

6.3CVSS4.8AI score0.00534EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•2 views

Simple Online Hotel Reservation System Code Issue Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System has a code issue vulnerability that stems from a lack of valid validation of uploaded files by the Photo Handler component in file /admin/editroom.php. An attacker can use th...

7.2CVSS7.3AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•7 views

Unspecified Vulnerabilities in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from multiple devices sharing the...

10CVSS6.9AI score0.00389EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

WordPress List category posts plugin information leakage vulnerability

WordPress List category posts plugin is a tool in WordPress for outputting specified category posts in a customized order. WordPress List category posts plugin suffers from an information disclosure vulnerability that stems from an insufficient catlist shortcode restriction, which can be exploite...

4.3CVSS6.2AI score0.00207EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

WordPress Consulting Elementor Widgets plugin file inclusion vulnerability

WordPress Consulting Elementor Widgets plugin is a plugin for the Elementor page builder that allows users to add and customize website content with drag and drop functionality. A file inclusion vulnerability exists in the WordPress Consulting Elementor Widgets plugin, which stems from not...

7.5CVSS6.3AI score0.00353EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•2 views

WordPress Flying Images plugin cross-site scripting vulnerability

WordPress Flying Images plugin is a WordPress plugin that is mainly used to optimize and delay loading images to improve page loading speed. WordPress Flying Images plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping ...

4.4CVSS6.1AI score0.0022EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

WordPress Plugin WooCommerce Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WooCommerce, which stems...

5.3CVSS5.7AI score0.00303EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•6 views

Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29079)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a TLS configuration...

10CVSS6.7AI score0.00221EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

WordPress Qi Blocks plugin missing authorization vulnerability

WordPress Qi Blocks plugin is a WordPress plugin developed by QodeInteractive, providing 81 customized Gutenberg blocks including 48 free modules and 33 premium modules, supporting WooCommerce, SEO and other 9 categories of functionality, creating complex layouts and integrating 550+ templates. A...

4.3CVSS7.1AI score0.00214EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•6 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial of Service Vulnerabilities

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 suffer from a denial of service vulnerability that stems from vulnerability to...

10CVSS6.7AI score0.00305EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

Dell Unity OS Command Injection Vulnerability (CNVD-2025-27584)

Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...

7.8CVSS8.2AI score0.00719EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•4 views

Dell Unity OS Command Injection Vulnerability (CNVD-2025-27582)

Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...

7.8CVSS7.7AI score0.00598EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•2 views

WordPress NS Maintenance Mode for WP plugin cross-site scripting vulnerability

WordPress NS Maintenance Mode for WP plugin is a WordPress plugin for setting a website into maintenance mode, displaying temporary pages to visitors during updates or maintenance while allowing administrators or designated users to access the backend. The WordPress NS Maintenance Mode for WP...

3.5CVSS6AI score0.00165EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•2 views

WordPress AppPresser plugin unauthorized data access vulnerability

WordPress AppPresser plugin is a tool for converting WordPress websites into iOS and Android native mobile apps with support for visual customization and feature extensions. WordPress AppPresser plugin suffers from an unauthorized data access vulnerability that stems from a lack of permission...

5.3CVSS6.5AI score0.00277EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•2 views

IBM Tivoli Monitoring Path Traversal Vulnerability

IBM Tivoli Monitoring is a set of system monitoring solutions introduced by IBM, mainly used for real-time monitoring of system performance, availability and application status in the enterprise IT environment. A path traversal vulnerability exists in IBM Tivoli Monitoring that stems from not...

7.5CVSS6.8AI score0.00483EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•2 views

IBM Tivoli Monitoring Path Traversal Vulnerability (CNVD-2025-29672)

IBM Tivoli Monitoring is a set of system monitoring solutions introduced by IBM, mainly used for real-time monitoring of system performance, availability and application status in the enterprise IT environment. A path traversal vulnerability exists in IBM Tivoli Monitoring that stems from not...

9.8CVSS6.8AI score0.00387EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

AIxBlock Cross-Site Scripting Vulnerability

AIxBlock is an AI automation platform. A cross-site scripting vulnerability exists in AIxBlock version 04f305, which stems from a modeldesc field that does not validate input and can be exploited by an attacker to cause a stored cross-site scripting attack...

6.1CVSS6.2AI score0.00184EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

Dell Secure Connect Gateway Relative Path Traversal Vulnerability

Dell Secure Connect Gateway is an enterprise-grade secure connectivity gateway appliance from Dell that is used to monitor hardware status, automate the creation of support requests, and securely communicate to safeguard device connectivity to Dell backend services. A relative path traversal...

4.3CVSS6.8AI score0.00275EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

WordPress Essential Addons for Elementor plugin Authorization Missing Vulnerability

WordPress Essential Addons for Elementor plugin is an extension plugin designed for Elementor page builder, offering over 80 advanced widgets and modules for creating professional web designs. The WordPress Essential Addons for Elementor plugin suffers from an Authorization Missing vulnerability...

2.7CVSS6.8AI score0.00208EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•4 views

WordPress ERI File Library plugin unauthorized data access vulnerability

The WordPress ERI File Library plugin is a lightweight plugin designed for WordPress to create and publish document galleries, with support for inserting documents via the Gutenberg editor or shortcode. WordPress ERI File Library plugin suffers from an unauthorized data access vulnerability that...

5.3CVSS6.8AI score0.00233EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

WordPress FuseWP plugin unauthorized data modification vulnerability

WordPress FuseWP plugin is a WordPress plugin for creating and managing multilingual websites. WordPress FuseWP plugin suffers from an unauthorized modification of data vulnerability that stems from a lack of capability check in the savechanges function, which can be exploited by an attacker to a...

4.3CVSS6.7AI score0.00189EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•6 views

TOTOLINK LR350 sub_4232EC function stack buffer overflow vulnerability

TOTOLINK LR350 is a 4GLTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the wifiOff parameter failing to properly...

7.5CVSS7.1AI score0.00376EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•6 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial of Service Vulnerabilities (CNVD-2025-29073)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A denial of service vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from a lack of graceful err...

10CVSS6.8AI score0.00337EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

Dell Unity OS Command Injection Vulnerability (CNVD-2025-27585)

Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...

7.8CVSS8.2AI score0.00518EPSS
Exploits0References1
Total number of security vulnerabilities131179